> > As I understand it, OpenSSL will call abort() when it detects attack > > against any hole in SSL. > > Unh, no. The only time it calls abort is with -DREF_CHECK, and if a > reference count is less than zero, which is a "can't happen" condition. the new patches that fix various buffer overflows in SSL code call abort() anytime attacker wants. arne ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
- OpenSSL patches for other versions Ben Laurie
- Re: OpenSSL patches for other versions Arne Ansper
- Re: OpenSSL patches for other versi... Rich Salz
- Re: OpenSSL patches for other v... Arne Ansper
- Re: OpenSSL patches for oth... Rich Salz
- Re: OpenSSL patches for other versi... Bodo Moeller
- Re: OpenSSL patches for other versions Ademar de Souza Reis Jr.
- Re: OpenSSL patches for other versi... Vincent Danen
- Re: OpenSSL patches for other versi... kumar
- Re: OpenSSL patches for other v... Richard Levitte - VMS Whacker
- Re: OpenSSL patches for other versions Jeffrey Altman
- Re: OpenSSL patches for other versions Jeffrey Altman
- Re: OpenSSL patches for other versions mlafon
- RE: OpenSSL patches for other versions Kim, Peter